Two-Factor Authentication (2FA)

1. In the Infinity Portal, open the Profile Settings page. In the upper-right corner:

   • Click the user name, or

   • Click the arrow next to the user name > Profile Settings.

   The Profile Settings window opens.

2. Verify your mobile phone number for 2FA:

   1. In the Phone field, enter your mobile phone number.

   2. Click Send code.

      Check Point sends an SMS to your phone with a six-digit code.

   3. Enter the code in the Enter Code field.

   4. Click Verify.

1. Download one of these authenticator applications to your mobile phone:

   • Google Authentication

   • Microsoft Authenticator

   • Authy

2. In the Infinity Portal, open the Profile Settings page. In the upper-right corner:

   • Click the user name, or

   • Click the arrow next to the user name > Profile Settings.

   The Profile Settings window opens.

3. Toggle the Two-factor Authentication (2FA) switch to ON.

   The Two-Factor Authentication (2FA) configuration wizard window opens.

4. Follow the on-screen instructions to connect the authentication app to the Infinity Portal.

   Note - If you did not verify your phone number in the Profile Settings window, you must verify it in the Two-Factor Authentication (2FA) configuration wizard.

5. If you want to require yourself to use 2FA for all Infinity Portal accounts, keep the toggle on. If you want to use 2FA only when required by a Primary Administrator of an account, switch the toggle to OFF.

6. Click Finish to close the wizard.

You can require yourself to use 2FA every time you log in to the Infinity Portal, even when the Global Administrator of the Infinity Portal account does not require 2FA.

Use Case: A security administrator works for a Check Point MSSP to manage child accounts. One of the MSSP's customers does not require its own security administrators to use 2FA. The MSSP's corporate policy requires 2FA for all Infinity Portal logins.

Procedure

1. In the Infinity Portal, open the Profile Settings page. In the upper-right corner:

   • Click the user name, or

   • Click the arrow next to the user name > Profile Settings.

   The Profile Settings window opens.

2. Toggle the Two-factor Authentication (2FA) switch to ON.

   If you do not have an authentication app configured, the Two-Factor Authentication (2FA) configuration wizard window opens. Follow the steps in the wizard to configure an authentication app or to require 2FA through SMS.

   Note - If you did not verify your phone number in the Profile Settings window, you must verify it in the Two-Factor Authentication (2FA) configuration wizard.

3. Click Finish.

In the Infinity Portal, click > Users.

The 2FA configured column of the table shows one of these 2FA configurations for each user:

The 2FA table row shows you the 2FA authentication method(s) that the user configured for himself in Profile Settings. This table row is not related to the 2FA enforcement policy for the tenant.

Reset a user's phone number in these scenarios:

• The user gets a new phone with a new number.

• The user's phone is lost or stolen.

• The user has a problem using 2FA with SMS.

Procedure

1. In the Infinity Portal, click > Users.

2. Click the table row with the name of the user.

3. Click Edit.

   The Edit User window opens.

4. In the Phone number field, enter a phone number for the user.

5. Click Save.

Reset an authentication app for a user when the user gets a new phone (with the same phone number) or has a problem with the app.

After the reset, if 2FA is required for account login, Check Point sends an SMS with an authentication code to the user's verified phone number.Then, the user can log in to the Infinity Portal and create a new authenticator app configuration (see Verify your phone number for the Infinity Portal to use for 2FA through SMS).

Procedure

1. In the Infinity Portal, click > Users.

   The 2FA configured column of the table shows one of these 2FA configurations for each user:

   Icon	2FA Configuration
   	The user does not have 2FA configured.
   By app	The user has 2FA configured with an authenticator app.
   By phone	The user has 2FA configured with SMS.
   App and phone	The user has 2FA configured with an authenticator app and with SMS.

2. Select a user from the table and click Reset 2FA.

3. To see updated user information, click Refresh.

2FA enforcement settings in the Identity & Access page apply to all users of this Infinity Portal account. Only a Primary Administrator can change these settings.

1. In the Infinity Portal, click > Identity & Access.

2. In the Two-Factor Authentication (2FA) section, select when to enforce 2FA:

   • Enforce Two-Factor Authentication for every login to this account - Users must use 2FA to log in with username and password and for login with SSO through an Identity Provider (IdP).

   • Enforce Two-Factor Authentication for login with username and password - This option is selected by default.

   A confirmation window opens.

3. In the confirmation window, click Enforce.